IT security for working from home
10 golden rules for a secure home office
A large proportion of German employees currently work from home – from clerks to managing directors. In many cases, this brings with it new IT security risks. Hackers are also increasingly exploiting the current insecurity.
The need for home office hit most companies overnight without the necessary time for preparation. Video conferencing, cloud applications and mobile devices offer an enormous facilitation for decentralized cooperation. Nevertheless, these infrastructures also open up new points of attack for cybercriminals by adding thousands of outdated computers, unsecured routers and poorly protected WLAN connections all at once. How can companies successfully protect their employees’ home offices from hacker attacks under these conditions? The following 10 golden rules can give a guidance:
- All employees who are connected to the company network should be given binding and clear rules for the protection of IT and data in the company – in writing.
- Protect end devices from attacks from the Internet. The current need for digital connectivity in the corona crisis is increasingly being exploited by hackers. Malware is smuggled onto computers via fake websites, e-mails or graphics from apparently trustworthy sources.
- Protect data on the end devices. Especially organizations with high security requirements should equip the end devices of their employees with hard disk encryption. Only authorized users can then use multi-factor authentication to access their data and the operating system. If the device is lost or stolen, it is not possible for third parties to access the data.
- Basic security measures. The workplace within one’s own four walls should be physically secured by locking doors and locking screens. It is also advisable to cover the webcam on the computer or laptop when it is not in use, and to switch off the microphone when not in use to avoid possible espionage attacks.
- Secure your home WLAN connection. The default administrator password should be replaced with a new, strong password and WPA2 encryption should be enabled.
- Update operating systems, web applications and apps. Keep your company’s IT technologies up to date – this is an essential protection against hackers. All employees should therefore regularly update and work with the latest system version.
- Beware of impostors. Attackers deceive and trick to get passwords, bank details or access information. For example, they send deceptively real-looking e-mails. In addition to phishing, caution should also be exercised with calls, SMS, social media content and fake messages distributed via Messenger. This so-called social engineering is one of the biggest risks in the home office in times of dramatic change.
- Companies should use secure communication channels to connect the tablets, smartphones or PCs of home office employees to the corporate network. Virtual private networks (VPNs) are recommended. They establish connections between the end device and the company network via a “secure tunnel”.
- Use strong passwords. Passwords protect applications from unauthorized access. The more complex and unique passwords are, the harder they are to crack. Multi-factor authentication using a PIN, fingerprint or password, for example, offers additional protection against access by unauthorized third parties.
- Protect data in the cloud. Cloud applications and collaboration services are ideal for decentralised working. But the protection mechanisms of cloud providers usually do not meet the security requirements of many companies. There is a risk of data espionage and compliance violations. The solution is data-centric protection: placeholders are placed in the cloud that only contain metadata that is necessary for collaboration and workflows. The user data worthy of protection is stored fragmented in the corporate network or at another location.